Description & Requirements
For more than 100 years, Xerox has continually redefined the workplace experience. Harnessing our leadership position in office and production print technology, we’ve expanded into software and services to sustainably power today’s workforce. From the office to industrial environments, our differentiated business solutions and financial services are designed to make every day work better for clients — no matter where that work is being done. Today, Xerox scientists and engineers are continuing our legacy of innovation with disruptive technologies in digital transformation, augmented reality, robotic process automation, additive manufacturing, Industrial Internet of Things and cleantech. Learn more at www.xerox.com and explore our commitment to diversity and inclusion.
Purpose:
• Responsible for planning and implementing risk management strategies, processes and programs. Manages resolution of incidents / problems throughout the information system lifecycle, including classification, prioritization and initiation of action, documentation of root causes and implementation of remedies. Development and execution of information risk controls and management strategies. Procures and governs information risk management services and consultants.
• The implementation and performance of IT audit work and management testing.
• The independent, third-party assessment of the conformity of any activities, processes, deliverables, and product or service with the criteria of specified standards, such as BS7799/ISO 27001, COBIT, COSO, local standards, best practice or other documented requirements.
• Assessment may relate to, for example, information security, general computer controls, asset management, network security tools, firewalls and Internet security, real-time systems and application design and development.
• This role will specialize in a specific area of IT audit conformity, such as IT General Computer Control audits for Sarbanes-Oxley 404 compliance, or information security inspection and audit.
Scope:
Specific:
• Autonomy:
  • Works under general supervision.
  • Uses discretion in identifying and resolving complex problems and assignments.
  • Receives specific assignments in the form of scope; work is reviewed at frequent milestones.
  • Determines when problems should be escalated to a higher level.
• Influence:
  • Interacts with and influences department/project team members.
  • Frequent external contact with customers and suppliers.
  • In predictable and structured areas, may supervise others.
  • Decisions may impact work assigned to individuals or phases of a project.
  • Develops high-level relationships with customers, suppliers and value chain partners.
• Complexity:
  • Specialized range of work, of relatively lower complexity and more standard nature, in a variety of environments.
General:
• Uses best practices and knowledge of internal or external business issues to improve products or services
• Acts as a resource for colleagues with less experience
• Requires in-depth knowledge and experience
• Decisions guided by policies, procedures and business plan
• Generally domestic scope/accountability
Primary Responsibilities:
• Evaluates and independently appraises the IT general computer and information security controls of automated business and IT processes, based on investigation of evidence and assessments undertaken by self. Ensures that independent appraisals follow agreed procedure. Evaluates and recommends ways of improving the effectiveness and efficiency of these control mechanisms.
• Specifically:
  • Evaluates and independently appraises the general computer, information security and internal controls and operation of automated business processes, preparing programs of tests to determine conformity with applicable standards.
  • Evaluates the results against specified objectives.
  • Reviews code, documents and tests of IT programs against their given specifications.
  • By analysis of collected information, identifies control weaknesses in processes or areas, and prepares formal reports commenting on the conformity found to exist in the audited part of the IT environment.
  • Reports audit findings and recommendations for improving the effectiveness and efficiency of controls across the total IT environment, and reviews them with line management.
  • Applies statistically valid sampling techniques against relevant populations to meet audit objectives.
  • Compliance activity can include regulatory requirements (e.g. Sarbanes-Oxley 404), industry standards for IT risk and security management (COBIT, ISO 27001), and company-wide information security policies.